Add deployment, namespace, and external secret configurations for cloudflared

Author: HYP3R00T

infrastructure/base/cloudflared/deployment.yaml

@@ -0,0 +1,48 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: cloudflared
+  namespace: cloudflared
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: cloudflared
+  template:
+    metadata:
+      labels:
+        app: cloudflared
+    spec:
+      containers:
+        - name: cloudflared
+          image: cloudflare/cloudflared:latest
+          command: ["cloudflared"]
+          args:
+            - "--no-autoupdate"
+            - "--credentials-file"
+            - "/etc/cloudflared/credentials.json"
+            - "tunnel"
+            - "run"
+            - "$(TUNNEL_ID)"
+          env:
+            - name: TUNNEL_ID
+              valueFrom:
+                secretKeyRef:
+                  name: cloudflared-credentials
+                  key: tunnel-id
+          volumeMounts:
+            - name: cloudflared-credentials
+              mountPath: /etc/cloudflared/credentials.json
+              subPath: credentials-file
+              readOnly: true
+          resources:
+            limits:
+              cpu: 500m
+              memory: 256Mi
+            requests:
+              cpu: 100m
+              memory: 128Mi
+      volumes:
+        - name: cloudflared-credentials
+          secret:
+            secretName: cloudflared-credentials

infrastructure/base/cloudflared/kustomization.yaml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - namespace.yaml
+  - deployment.yaml

infrastructure/base/cloudflared/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: cloudflared

infrastructure/lab/cloudflared/externalSecret.yaml

@@ -0,0 +1,22 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: cloudflared-credentials
+  namespace: cloudflared
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    name: vault
+    kind: ClusterSecretStore
+  target:
+    name: cloudflared-credentials
+    creationPolicy: Owner
+  data:
+    - secretKey: credentials-file
+      remoteRef:
+        key: secret/data/cloudflared/tunnel
+        property: credentials-file
+    - secretKey: tunnel-id
+      remoteRef:
+        key: secret/data/cloudflared/tunnel
+        property: tunnel-id

infrastructure/lab/cloudflared/kustomization.yaml

@@ -0,0 +1,15 @@
+# https://external-secrets.io/latest/introduction/getting-started/#installing-with-helm
+
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: cloudflared
+resources:
+  - ../../base/cloudflared/
+  - externalSecret.yaml
+# configMapGenerator:
+#   - name: external-secrets-values
+#     files:
+#       - values.yaml
+
+# generatorOptions:
+#   disableNameSuffixHash: true